Overview
Welcome to the Introduction to Formal Verification & Proof Assistants course (PROOF101)! This collaborative initiative between the GDG @ AUB Software Team and the AUB Math Society introduces you practical formal verification, the intersection of mathematics and programming, using the Lean4 proof assistant and programming language, which allows you to design and implement provably correct software systems.
Course Details:
- Primary Instructor & Organizer: Daniel Dia (dmd13@mail.aub.edu)
- Collaborative Initiative Between: GDG @ AUB (Software Team) and AUB Math Society
- Target Audience: ECE, CCE, CSE, CS, and other curious engineering/math (STEM) majors!
- Core Technology: Lean4
- Duration: 10 Weeks (1 session/week, 1.5 - 2.0 hours)
- Format: Hybrid (in-person meetings with live streamed & recorded lectures)
- REGISTRATION LINK (DEADLINE: Friday 23 January)
- Announcements WhatsApp Group
- Discord Server Link
- Last Updated: January 2026
Quick access to materials and important links:
Week 1 | Week 2 | Week 3 | Week 4 | Week 5 | Week 6 | Week 7 | Week 8 | Week 9 | Week 10
Motivation: Why Proof Assistants?
Ever wonder how software failures and bugs, like rocket malfunctions or medical devices that kill patients, could have been prevented? From the $370 million integer overflow (Ariane 5 explosion) to the race condition that killed 3 patients (Therac-25), catastrophic failures plague “correct-looking” code. To quote Edsger Dijkstra, “testing can show bugs exist, never their absence”. In PROOF101, we will teach you to mathematically prove your code is correct, not just exhaustively test it. We will study Lean4, an amazing proof assistant and programming language originally created by Microsoft Research, used to verify cryptography in Firefox and formalize Fields Medal-winning mathematics. Formal verification turns preventable catastrophic runtime crashes into compile-time errors, eliminating entire classes of bugs before they can cause any harm.
Whether you’re a computer scientist wanting to write “bulletproof” software, a mathematician interested in mechanized proof verification, or an engineer building “safety-critical” systems, you’ll gain a lot from this 10-week “crash course” (with the characteristics of a seminar) that will equip you with the tools and skills necessary for reasoning about programs with mathematical precision. Course features include: weekly interactive quizzes and assigned readings, occasional hands-on programming assignments in Lean4, and expert guest lectures from Dr. Rob Lewis (Brown University), Dr. Assaf Kfoury (Boston University), and Rida Hamadani (LMAP, France)!
Prerequisites: We essentially expect basic programming experience and familiarity with mathematical reasoning. No prior experience with functional programming or proof assistants required, since we’ll build everything from first principles, starting with the λ-calculus. Having completed courses equivalent to CMPS211 (Discrete Structures) or EECE230 (Intro to Computation & Programming in Python) is very helpful, but not strictly required.
Syllabus
Part 1: Foundations (Weeks 1-3)
Part 1 establishes what formal verification is about, why you should care about it, and introduces the foundational mathematical and programming concepts underlying proof assistants. Through real-world disasters and hands-on exploration, we’ll see why exhaustive testing often fails for safety-critical systems and how functional programming with dependent types provides a solution.
Week 1: Why Our Code Breaks (and How to Fix It)
From Ariane 5 to Heartbleed: The High Cost of Software Bugs (Wed 21 Jan)
We motivate the entire audience (especially software engineers and mathematicians) by showing the catastrophic failures of “correct-looking” code. Through a couple compelling case studies, including the Ariane 5 rocket explosion, the Therac-25 radiation machine, and the Heartbleed bug, we’ll examine the limits of testing and introduce the concept of formal verification as a path to (almost*) truly reliable software.
- Real-world software disasters (case studies): Ariane 5, Therac-25, Heartbleed
- Fundamental limitations of testing: finite inputs vs infinite possibilities, cannot test all executions/timing/concurrency, adversarial behavior, Dijkstra’s principle
- Formal verification foundations: mathematical proofs of program correctness, catching errors at compile-time, automated vs interactive theorem proving
- Introduction to proof assistants: Rocq/Coq, Isabelle/HOL, Agda, Lean4, Curry-Howard correspondence
- Why Lean4: combines automation with verification guarantees, small trusted kernel (De Bruijn criterion), practical programming language, modern and actively developed
- Dependent types: types depending on values, encoding invariants directly in types, catching bugs at compile-time
- What could have been prevented: turning catastrophic runtime crashes into compile-time type errors for all three disasters
- Readings on formal methods and software security
- PROOF101 (Intro to Formal Verification & Proof Assistants) Quiz 1
- PROOF101 “Programming” Assignment 1 (it will be fun!)
Week 2: Dependent Types
Introduction to Lean4 and Dependent Type Theory (Mon 26 Jan)
We gently introduce Lean through The Hitchhiker’s Guide to Logical Verification chapters 1-2, covering types, terms, type definitions, type inference, function definitions, and theorem statements. This session also includes a brief overview of functional programming and begins a long introduction to λ-calculus that will continue in Week 3.
- Lambda calculus foundations: λ-abstraction syntax, β-reduction, α-conversion, Church encodings, higher-order functions, currying
- Simply typed lambda calculus: adding types for safety, type checking and inference, type judgments, function types, why types matter
- Curry-Howard correspondence: programs ↔ proofs, types ↔ propositions, → ↔ ⟹, × ↔ ∧, + ↔ ∨, ∀ as dependent functions, type checking = proof checking
- Types in Lean: basic types, function types, type constructors (
List), product types (×), sum types (+),Optiontypes, polymorphism with type variables - Inductive types: natural numbers (Peano), lists, binary trees, pattern matching, structural recursion, “no junk, no confusion” principle
- Dependent types: types depending on values, dependent function types (Π-types), Barendregt’s λ-cube
- Lean’s architecture: elaborator vs kernel, De Bruijn criterion, De Bruijn indices
- Readings on type theory and dependent types
- PROOF101 (Intro to Formal Verification & Proof Assistants) Quiz 2
- PROOF101 Programming Assignment 2
Week 3: Functional Programming
An Introduction to Functional Programming in Lean4 (Mon 2 Feb)
We explore logic and programming paradigms as motivation (imperative, OOP, functional, etc.). Using Lean4, by applying what we have learned in week 2, we cover the basics of functional programming and typed functional programming through The Hitchhiker’s Guide to Logical Verification chapter 5.
- Historical context (1936-2005): lambda calculus vs Turing machines, software crisis (1960s), OOP (Smalltalk vs C++/Java), Tony Hoare’s “billion dollar mistake” (1965), concurrency wall (2005)
- Pure functions and side effects: deterministic, no observable side effects, benefits of FP
- First-class and higher-order functions: functions as values,
map,filter,fold,compose - Currying and partial application: transform
f:(α×β)→γintof:α→β→γ, enables partial application, utility functions - Inductive types in practice: enumerations, structures, sum types,
Optiontypes, recursive types, polymorphism with type variables - List and tree operations:
map,filter,fold,zipWith,dropWhile,partition,interleave,splitAt,findIndex, tree operations, tree traversals - Pattern matching and mathematical induction: pattern matching on constructors, structural induction on lists, structural induction on trees
- Readings on functional programming
- PROOF101 (Intro to Formal Verification & Proof Assistants) Quiz 3
- PROOF101 Programming Assignment 3
Part 2: Lean4 Fundamentals (Weeks 4-6)
Part 2 dives hands-on into Lean4. We’ll write our first proofs, understand the practical applications of dependent types, and build a practical toolkit of proof tactics. This section features guest lectures from Prof. Nadim Kobeissi and Rida Hamadani.
Week 4: Intro to Tactic-based Proving (Guest Session)
Proving Your First Theorem: An Introduction to Lean4 (Mon 9 Feb)
Guest lecturer Rida Hamadani, from the Laboratory of Mathematics and their Applications of Pau, will guide you through both backward and forward proof techniques in Lean4, covering The Hitchhiker’s Guide to Logical Verification chapters 3 and 4. We’ll explore the tactic mode, structured constructs, calculational proofs, and the Propositions-as-Types (PAT) principle.
Guest Lecturer:
- Rida Hamadani (they/them) — Mathematical formalization researcher, former Lean Expert at Harmonic, Graduate student in resurgence theory (LMAP, France) | Website
- The Hitchhiker’s Guide to Logical Verification chapter 3 (backward proofs): tactic mode, basic tactics, reasoning about logical connectives and quantifiers, reasoning about equality, proofs by mathematical induction, cleanup tactics
- The Hitchhiker’s Guide to Logical Verification chapter 4 (forward proofs): structured constructs, forward reasoning about connectives and quantifiers, calculational proofs, forward reasoning within tactic-based proofs, reasoning about proof terms (emphasis on Lean 4), the Propositions-as-Types principle, induction by pattern matching and recursion
- Readings on tactic-based proofs in Lean4
- PROOF101 (Intro to Formal Verification & Proof Assistants) Quiz 4
Week 5: Proofs & Semantics
Finishing up proof tactics and exploring formal semantics (Mon 16 Feb)
We’ll review backward and foward proofs in Lean4, introduce inductive predicates through The Hitchhiker’s Guide to Logical Verification chapter 6, and take a good look at operational semantics through chapter 3 (for culture, essentially).
- Review of proof techniques: backward proofs, forward proofs, calculational proofs, mixing both styles within proofs
- Propositions-as-Types (PAT) principle: programs ↔ proofs, types ↔ propositions, type checking = proof checking, universal quantification as dependent functions, tactics compile to proof terms
- The Hitchhiker’s Guide to Logical Verification chapter 6 (inductive predicates): functions of type
... → Prop, introduction/elimination rules, examples, logical symbols as inductive predicates, rule induction - The Hitchhiker’s Guide to Logical Verification chapter 3 (operational semantics): formal semantics of programming languages, the WHILE language, State = String → ℕ
- Big-step semantics: judgment (S, s) ⟹ t, rules for each construct, determinism property, limitations
- Small-step semantics: judgment (S, s) ⇒ (S’, s’), configurations, reflexive transitive closure using
Star, can express nontermination and intermediate states, comparison with big-step, equivalence
- Readings on tactics, inductive predicates, and operational semantics
- PROOF101 (Intro to Formal Verification & Proof Assistants) Quiz 5
- PROOF101 Programming Assignment 5
Week 6: Contributing to Mathlib (Guest Session, AUB Math Society)
Formalizing Mathematics and Contributing to Mathlib (Wed 25 Feb)
Co-organized with the AUB Math Society, this hands-on session by Rida Hamadani will show you the complete workflow of mathematical formalization in Lean4: from reading a theorem on paper to contributing verified mathematical proofs to Mathlib or CSlib. Learn how to navigate the library, find existing theorems, use the Blueprint system for large-scale formalization projects, and interact with the Lean community effectively.
Guest Lecturer:
- Rida Hamadani (they/them) — Mathematical formalization researcher, former Lean Expert at Harmonic, Graduate student in resurgence theory (LMAP, France) | Website
- Approaching a mathematical theorem: from paper to Lean4
- How
Mathlibis organized: navigating the library - Finding whether a theorem already exists in
Mathlib - The formalization workflow: writing, testing, and documenting
- Interacting with the Lean community: asking questions and getting feedback
- Finding good projects and identifying contribution opportunities
- Real-world examples: examining actual
Mathlibcontributions
- Explore the
Mathlibdocumentation - Optional: Browse recent
Mathlibpull requests - PROOF101 (Intro to Formal Verification & Proof Assistants) Quiz 6
Part 3: Real-World Applications (Weeks 7-8)
Part 3 connects proof assistants to real-world applications. We’ll see how formal verification is used in high-assurance cryptography and explore advanced metaprogramming techniques including monads, custom tactics, and automated decision procedures.
Week 7: Mathematical Foundations of Proof Assistants (Guest Session)
The Type-Theoretic Foundations That Make Proof Assistants Possible (Mon 9 March)
This session bridges the pragmatic use of Lean with the mathematical theory (i.e. type theory) that makes proof assistants work. Building on prior weeks’ hands-on experience with tactics and functional programming in Lean4, we will learn about the foundations of type theory, the Curry-Howard isomorphism between proofs and programs, and algorithms for type inhabitation and counting.
- TBD
- Readings on type theory and proof assistants
- PROOF101 (Intro to Formal Verification & Proof Assistants) Quiz 7
Week 8: Monads, Tactics, and Applications
Advanced Metaprogramming and Decision Procedures (Mon 16 March)
Dr. Rob Lewis from Brown University will guide us through different strategic approaches to tactic design, from direct proof manipulation to sophisticated decision procedures, with a deep dive into how tactics like linarith work under the hood.
Guest Lecturer:
- Dr. Rob Lewis — Assistant Professor of Computer Science (Brown University), instructor of CS1715 (Formal Proof and Verification)
- The Hitchhiker’s Guide to Logical Verification chapter 7 (effectful programming): monads and effectful programming,
pureandbindoperations, monad laws, examples (Option,State,Set,IO) - The Hitchhiker’s Guide to Logical Verification chapter 8 (metaprogramming): metaprogramming fundamentals,
Expr,MVarId,MetaMmonad, quotation withQandq - The Hitchhiker’s Guide to Logical Verification chapter 8: writing custom tactics, implementing
interval_casesstep-by-step - Additional topics from THGLV: representing syntax, interpretation functions, verified normalization, boolean expression example, decision procedures, linear arithmetic solving, certificate checking, Fourier-Motzkin elimination, the
linarithtactic architecture - Applications to static analysis and program verification
- Readings on metaprogramming and decision procedures
- PROOF101 (Intro to Formal Verification & Proof Assistants) Quiz 8
Part 4: Final Project & Next Steps (Weeks 9-10)
Part 4 is dedicated to your final project. You’ll apply everything you’ve learned to verify a small but meaningful property, with dedicated support from session leaders and the opportunity to showcase your work.
Week 9: The Broader Landscape & Project Kick-off
Lean, Rust, and the Future of Reliable Software (Wed 23 March)
We tie all concepts together and launch the final project. You’ll understand how Rust’s borrow checker acts as a “proof system,” survey other tools in the landscape (Rocq/Coq, Agda, F*), and begin brainstorming your own verification project.
- The verification landscape: brief overview of Rocq/Coq, Agda, F*, Dafny, Isabelle/HOL, when each tool is used
- The memory management problem: manual memory management in C/C++, garbage collection in Java/Python/Go, tradeoffs between safety and performance
- Rust’s ownership system: ownership rules, preventing use-after-free and double-free at compile time with zero runtime overhead
- Rust’s borrowing system: shared references (
&T) for read-only access, mutable references (&mut T) for exclusive write access, borrowing rules, preventing data races, and iterator invalidation at compile time - Lifetimes: tracking reference validity, preventing dangling references, lifetime annotations (
'a) for explicit lifetime relationships, compiler ensures references never outlive data - Rust’s type system as practical compromise: memory safety without garbage collection, zero-cost abstractions, performance equivalent to C/C++, prevents security bugs but cannot prove arbitrary properties (like Lean/Rocq)
- The borrow checker as a lightweight proof system: affine types (ownership), linear logic (resources consumed once), connection to formal verification, automatic verification during compilation
- Real-world adoption: Microsoft (Windows components), Google (Android), Linux kernel, AWS Firecracker, growing industry adoption
- Final project kick-off: brainstorming session, project scope and requirements, choosing between math and algorithms tracks, optional
MathliborCSlibcontributions with Rida’s guidance, technical support
- PROOF101 (Intro to Formal Verification & Proof Assistants) Quiz 9
- PROOF101 Programming Assignment 9 — Final Project Proposal
Week 10: Project Showcase & Wrap-up
Project Showcase, Competition, and ‘Where to Go From Here’ (Wed 1 Apr)
Celebrate your achievements! Every project gets a 5-10 minute demo, we award “Best Project,” discuss contributing to Mathlib, and present all Certificates of Distinction. This is just the beginning of your formal verification journey!
- 5-10 minute demos from all projects
- “Best Project” award
- Discussion on contributing to
Mathlib - Certificate of Distinction ceremony
Resources
Course Textbooks
All course textbooks are freely available online:
The Hitchhiker’s Guide to Logical Verification
Structured concise textbook covering proof assistants and formal verification (PDF).Theorem Proving in Lean 4
The primary course reference for Lean4 syntax, tactics, and proof techniques.Functional Programming in Lean 4
Comprehensive guide to functional programming concepts in Lean4.
Additional Resources
- Lean4 Documentation
MathlibDocumentation- Lean Zulip Chat
- Natural Number Game - Interactive tutorial (highly recommended!)
- Lean Community
Installing Lean4
See our instructions on how to install Lean4.
Requirements & Policies
Programming Assignments
Throughout the course, you’ll complete 4 programming assignments that reinforce concepts through hands-on Lean4 programming. Assignments involve replacing sorry placeholders with working implementations, ensuring code type-checks, and testing thoroughly.
PROOF101 maintains a strict zero-tolerance policy for academic dishonesty. Copying work, sharing solutions, or use of LLMs unacknowledged is prohibited and will result in zero credit and ineligibility for certification.
For complete guidelines, submission instructions, and academic integrity policies, see the Programming Assignments page.
Certification
Certificate of Distinction: Participation is open to all, but certification is reserved for those who demonstrate mastery.
Core Requirements:
- Attend a minimum of around 8 out of 10 sessions
- Complete all weekly check-ins (short interactive quizzes)
- Engage with all (occasional) programming assignments and weekly assigned readings
- Complete and present a final mini-project during the Week 10 showcase
Final Projects
Your final project demonstrates mastery by applying formal verification to a topic you care about. Choose between:
- Mathematical Track: Formalize a theorem and its proof
- Algorithmic Track: Verify properties of an algorithm or data structure
Optional: Some students may choose to contribute to Mathlib or CSlib as their project, with guidance and review from Rida Hamadani.
For complete project requirements, guidelines, and examples, see the Final Projects page.
Acknowledgments
This course would not have been possible without the generous support and contributions of many individuals and organizations.
Special Thanks to Our Faculty Mentors:
- Dr. Kinan Dak al Bab (Boston University) — for invaluable feedback, support, and coordinating our guest lecturer for Week 8
- Dr. Assaf Kfoury (Boston University) — for ongoing support and guidance
Guest Lecturers:
- Rida Hamadani (LMAP, France) — Week 6: Contributing to
Mathliband Blueprint, and for offering to reviewMathlib-related final projects - Dr. Rob Lewis (Brown University, CS1715 Fall 2025) — Week 8: Monads, Tactics, and Applications
- Dr. Assaf Kfoury (Boston University) — [TBD]: The Mathematical Foundations of Proof Assistants
Organizational Support:
- Google Developer Groups @ AUB — for invaluable support in organization and logistics, especially Mohamad Nassif, Antonio Makhoul, Ahmad Al Rabia, and the entire Software Team
- AUB Math Society — for co-organizing this initiative and providing essential support, especially Mohammad Shouman, Sebastian Naja, and Georges Sakr
Design:
- Alina Gurskaya — for designing the course logo and visual materials
And to all participants who bring energy, curiosity, and dedication to making this learning community thrive.
For a complete list of contributors to the course materials, see our PROOF101 “Contributors” page.
License
Introduction to Formal Verification & Proof Assistants (PROOF101) by Daniel Dia and contributors is licensed under Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International.
This means you are free to:
- Share — copy and redistribute the material in any medium or format
- Adapt — remix, transform, and build upon the material
Under the following terms:
- Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made
- NonCommercial — You may not use the material for commercial purposes
- ShareAlike — If you remix, transform, or build upon the material, you must distribute your contributions under the same license
For the complete license text, visit: https://creativecommons.org/licenses/by-nc-sa/4.0/legalcode